Christian Biere wrote:
> gionnico wrote:
>> This is my question: is it possible to block outgoing traffic and to 
>> allow only gtk-gnutella with a good SPI firewall (iptables), that 
>> doesn't know the application that generated it?
> 
> On the same machine, the packet filter can determine the application
> and the user of each outbound packet, so you could restrict it
> appropriately locally. A router does not have this information and
> you cannot filter outbound traffic just by looking at the port numbers
> without degrading service. Outbound UDP traffic can be limited to
> the source port number that your peer uses. Outbound TCP traffic
> will either have the source port number of your peer or an anonymous
> source port number above 1023 (usually something above 32000).
> 

Thanks for the UDP suggestion!
And for TCP I think at least I'll only allow traffic generated from a 
high-port (and only my computer) for a little more security and less 
paranoia. ;)
 
 
_______________________________________________
gtk-gnutella-devel mailing list
gtk-gnutella-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/gtk-gnutella-devel
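
The host-local filtering discussed in this thread, sketched as an added example that is not part of the original messages or of gtk-gnutella: a shell function that prints iptables commands for review, using the `owner` match to tie outbound packets to one account. The account name `gnutella`, the port `6346` used in the usage comment, and the DNS rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an OUTPUT-chain rule set that lets only one local
# account send traffic. Nothing is applied; review the output first.
# Assumptions (not from the thread): the peer runs under its own account
# and listens on a single port for both TCP and UDP.

gen_egress_rules() {
    user="$1"   # account running the peer (hypothetical name)
    port="$2"   # listening port configured in the peer (placeholder)

    # Refuse values that could smuggle shell syntax into the emitted commands.
    case "$user" in
        ''|*[!A-Za-z0-9_-]*) echo "invalid user: $user" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if ! [ "$port" -ge 1 ] 2>/dev/null || ! [ "$port" -le 65535 ] 2>/dev/null; then
        echo "port out of range: $port" >&2; return 1
    fi

    own="-m owner --uid-owner $user"
    cat <<EOF
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -p udp --sport $port $own -j ACCEPT
iptables -A OUTPUT -p tcp --sport $port $own -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024:65535 $own -m conntrack --ctstate NEW -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 $own -j ACCEPT
iptables -P OUTPUT DROP
EOF
    # Rule order, top to bottom:
    #   loopback; packets of already tracked connections;
    #   UDP from the peer's own port; TCP from the peer's own port;
    #   new TCP connections from an anonymous port above 1023;
    #   DNS lookups by the same account (assumption: the peer resolves names);
    #   default policy set last so earlier rules are in place before the drop.
}

# Usage (constructed sample values): gen_egress_rules gnutella 6346
```

These rules only make sense on the machine that runs the peer; a router in front of it cannot see which account sent a packet and has only the port numbers to go on.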
